Sunday, September 8, 2013

hacker resistant passwords


Hacker-resistant passwords — Ted Demopoulos
Figuring out most passwords is trivial for hackers, the NSA, and even me. Lots of free tools to “crack” and guess passwords are available. We “good guys” usually call this “password auditing” instead of “cracking”.
Also, we have far too many passwords to remember.
The standard advice of using a different password for every site or service and never writing passwords down is simply wrong. Here is what I suggest.
1) For very important sites (e.g., banking, website access) use a unique password, change it at least occasionally, and make sure it is a great password. A great password is long (I like 10+ characters), NOT a dictionary word, name, or anything related to you that could be guessed (like your kids’ names concatenated together), and contains letters, digits, and other characters as well.
  • “redsox” is a horrible password
  • “R3ds0x” is better but still too short, and “cracker” programs do try simple substitutions like “3” for “e” and “0” for “o”
  • “4Aug!985R3ds0x” is a great password, and if you are a massive Red Sox fan and that is an important date for you, it may be simple to remember.
2) For less-important and non-important sites, like newspaper sites and others that make you register, use a common password that is relatively easy to remember and don’t worry about it.
You can also go to 3 tiers of passwords: Passwords for critical sites, passwords for less-important sites, and a generic password for all others.
Now if you have a number of very important sites and hence passwords, they can be hard to remember. Feel free to write them down if necessary, and treat them like credit cards! You do not leave your credit card info lying around, do you? (For example, written on a PostIt note on your monitor?) And if you lose your wallet/purse, you would cancel/change all the cards IMMEDIATELY, right?
So, how do you determine which passwords are most critical, other than perhaps common sense or gut feel? Ask the question, “How bad could it be if someone got into this account?”
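The criteria in point 1 can be checked mechanically. The following is an added example, not code from the original article: a small Python audit that applies the article's rules (10+ characters, letters plus digits plus other characters, not a dictionary word even after simple substitutions). The word list is a constructed sample, and stripping digits or punctuation added before or after a word goes beyond what the article describes and is an assumption of this example.

```python
import re

# Undo the simple substitutions the article says cracking tools try
# ("3" for "e", "0" for "o"); the other pairs are assumed common variants.
LEET = str.maketrans("30145@$!", "eolasasi")

# Constructed sample word list. A real audit would load a large dictionary
# plus names and terms tied to the user (team, kids' names, and so on).
WORDLIST = {"redsox", "password", "boston", "letmein"}

MIN_LENGTH = 10  # the article's "10+ characters"


def candidates(password):
    """Forms of the password a guessing tool would effectively be testing."""
    lowered = password.lower()
    # Assumption of this example: digits/symbols stuck on either end of a
    # word are stripped before the dictionary lookup.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def audit(password, wordlist=WORDLIST):
    """Return the list of article criteria the password fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no other characters")
    if candidates(password) & wordlist:
        problems.append("dictionary word once substitutions and padding are undone")
    return problems


if __name__ == "__main__":
    # The article's three examples, plus one constructed case that satisfies
    # the length and character rules but is still a padded dictionary word.
    for pw in ("redsox", "R3ds0x", "4Aug!985R3ds0x", "Redsox2013!"):
        print(pw, "->", audit(pw) or "passes")
```

Passing this audit only means a password meets the article's stated rules against the supplied word list; it is not a measure of strength against a larger dictionary.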
